predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
Posted: Tue Apr 26, 2005 10:07 am Post subject: predatorwall 3.0: iptables system
predatorwall is a project that I created a while ago, targeted at creating a seamless iptables system that's flexible and configurable. It includes a number of things which can provide a stronger firewall than most. The code is partly Perl and partly shell script. The core itself and all installation/upgrade scripts are written in shell script, whereas most tools are written in Perl. This has been tested on Slackware current and includes full Gentoo support. Below is the info taken directly from my about file.
Code:
Project name: predatorwall
Version: 3.0
Developer/maintainer: predatorfreak
Requirements: iptables and sh
Optional requirements: perl and apache (see notes)
Notes: perl is used for anti-timeout.pl.
Apache is required for anti-timeout.pl because anti-timeout.pl's job
is to edit the apache configuration file.
About: Predatorwall 3.0 is a new, cleaner and more streamlined version
of Predatorwall. The new version is much simpler both code wise and
design wise than any versions before it. It includes new versions of
older scripts rewritten in either perl or shell script.
Features:
Inbound/Outbound security
TCP state flag inspection
Kernel level security via sysctl
Unrestricted passive FTP
TCP flood protection
Spoofing protection
Configurable server security
Configurable opening of SSH/Samba ports
Clean design and development model
Logging
Download link: http://www.dcaf-security.org/predwall-3.0.tar
_________________
System: predatorbox
Distro: Arch Linux x86_64
Current projects: blackhole, convmedia and anything else I cook up.
Last edited by predatorfreak on Fri Apr 29, 2005 8:49 pm; edited 4 times in total
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
Posted: Wed Apr 27, 2005 3:29 am
rc5 done, changes are the addition of --limit-burst on the flood protection rules as well as upping the default limit from 2/s (horrible number for this) to 10/s (still low, but harder protection than using 20/s).
Download link: http://www.dcaf-security.org/predwall-3.0-rc5.tar
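An added example, not part of the post above and not predatorwall's own code: a token-bucket model of how the iptables `limit` match applies `--limit` and `--limit-burst`, comparing the 2/s and 10/s limits the post mentions. The burst of 5 (the iptables default), the rule shown in the comment and the traffic rates are assumptions; the post does not give them.

```shell
#!/bin/sh
# Token-bucket model of the iptables "limit" match, as used in a rule like
#   iptables -A INPUT -p tcp --syn -m limit --limit 10/s --limit-burst 5 -j ACCEPT
# (constructed rule for illustration; predatorwall's actual rules are not shown here).
# The bucket starts full with BURST credits, each matched packet spends one,
# and one credit is refilled every 1/RATE seconds up to BURST.

# limit_matched RATE BURST PPS SECONDS
# Prints how many of the evenly spaced packets (PPS per second for SECONDS)
# match the limit rule; the rest fall through to the next rule (usually DROP).
limit_matched() {
    rate=$1 burst=$2 pps=$3 secs=$4
    cost=$((1000000 / rate))      # microseconds of credit one packet costs
    cap=$((cost * burst))         # full bucket = BURST packets
    gap=$((1000000 / pps))        # microseconds between arriving packets
    total=$((pps * secs))
    credit=$cap
    matched=0
    i=0
    while [ "$i" -lt "$total" ]; do
        if [ "$i" -gt 0 ]; then
            credit=$((credit + gap))          # refill for the elapsed time
            if [ "$credit" -gt "$cap" ]; then
                credit=$cap
            fi
        fi
        if [ "$credit" -ge "$cost" ]; then    # enough credit: packet matches
            credit=$((credit - cost))
            matched=$((matched + 1))
        fi
        i=$((i + 1))
    done
    echo "$matched"
}

# Constructed traffic: a 100 packet/s flood and an 8 packet/s normal load,
# each observed for one second.
for rate in 2 10; do
    echo "--limit ${rate}/s --limit-burst 5:" \
         "flood 100pps matched=$(limit_matched "$rate" 5 100 1)/100," \
         "normal 8pps matched=$(limit_matched "$rate" 5 8 1)/8"
done
```

In this model the 2/s limit lets through only 6 of 8 packets of the normal load, while 10/s passes all 8 and still caps the flood at 14 of 100.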
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
Posted: Wed Apr 27, 2005 8:58 pm
predatorwall 3.0-rc6 is out and ready. Below are the changes from rc5.
Code:
Add SAMBA to open the default samba port when enabled.
Remove predwall-controller, just edit the config file.
Updates to anti-timeout (perl), fix backup creation.
Improved SSH rules.
Download link: http://www.dcaf-security.org/predwall-3.0-rc6.tar
Deranger Veteran
Joined: 26 Aug 2004 Posts: 1215
Posted: Wed Apr 27, 2005 10:39 pm
This is a really interesting project. Working fine, so far...
Keep up the good work!
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
Posted: Thu Apr 28, 2005 11:41 am
Oktane wrote:
This is a really interesting project. Working fine, so far...
Keep up the good work!

Good to hear it's working well and I plan to keep up development for quite a while.
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
Posted: Thu Apr 28, 2005 12:55 pm
Ok, I've got 3.0 sitting here. The changes are the addition of the final doc. Although, I have to go over the doc and make sure I didn't screw it up. From here I have to scan over my code again just to be sure I didn't screw up anywhere in there (minor or otherwise). At the latest it should be out by early tomorrow.
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
Posted: Fri Apr 29, 2005 7:52 pm
Some last-minute changes are going to delay a final 3.0 release, there appear to be some problems with the SAMBA rules (now renamed SAMBA to SMB) and I'm trying to work them out.
predatorfreak l33t
Joined: 13 Jan 2005 Posts: 708 Location: USA, Michigan.
Posted: Fri Apr 29, 2005 8:46 pm
3.0 final released, 3.0-rc7 was made but the changes worked so it has become final with some minor spelling corrections to the final doc.
www.dcaf-security.org/predwall-3.0.tar